registry  /  infinicode  /  2.3.4

infinicode@2.3.4

OpenKernel — provider-agnostic AI execution kernel. Native coding agent + mission-driven execution runtime.

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is an AI kernel/CLI with user-invoked networking, local mesh/MCP controls, provider API calls, and verification command execution aligned with its stated functionality.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs infinicode CLI commands such as run, serve, mcp, mission, or install-tui.
Impact
No unconsented install-time/import-time execution, credential exfiltration, persistence, or destructive behavior confirmed.
Mechanism
package-aligned AI agent CLI and local mesh control surface
Rationale
Static inspection found dangerous primitives, but they are exposed as explicit AI-agent, mesh, MCP, TUI installation, and verification features rather than hidden lifecycle/import-time behavior. No concrete malicious persistence, harvesting, exfiltration, or unconsented AI-agent control-surface mutation was found.
Evidence
package.jsonbin/infinicode.jsdist/cli.jsdist/commands/run.jsdist/commands/install-tui.jsdist/kernel/mcp/mcp-server.jsdist/kernel/federation/transport-http.jsdist/kernel/federation/federation.jsdist/kernel/verification-exec.js.opencode/plugins/mesh-commands.tsx
Network endpoints11
127.0.0.1:47913/fed/manifest127.0.0.1:47913/fed/command/fed/rpc/fed/stream/api/tagsapi.groq.com/openaiopenrouter.ai/api/v1models.inference.ai.azure.comintegrate.api.nvidia.com/v1router.huggingface.co/v1generativelanguage.googleapis.com/v1beta

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/kernel/verification-exec.js can spawn user/workspace verification commands when missions produce code.
  • dist/kernel/mcp/mcp-server.js exposes user-invoked MCP tools for dispatch, slash commands, roles, and goals.
  • dist/commands/install-tui.js can download or copy a TUI binary only when the install-tui command is run.
Evidence against
  • package.json has no install/postinstall/prepare hook; prepublishOnly only runs npm run build for publishing.
  • bin/infinicode.js only imports dist/cli.js; default run path is CLI/TUI launch, not hidden import-time payload.
  • dist/commands/run.js network calls are aligned with configured Ollama, mesh localhost, and enabled AI providers.
  • .opencode/plugins/mesh-commands.tsx posts slash commands to local INFINICODE_MESH_URL/127.0.0.1 only.
  • No credential harvesting or exfiltration logic found; API keys are used as provider auth from user config.
  • Remote command/task surfaces require explicit serve/mcp/run usage and optional bearer tokens, matching package purpose.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 82 file(s), 2.90 MB of source, external domains: 127.0.0.1, aistudio.google.com, api.groq.com, api.telegram.org, build.nvidia.com, console.groq.com, docs.sglang.ai, docs.vllm.ai, generativelanguage.googleapis.com, github.com, html.duckduckgo.com, huggingface.co, integrate.api.nvidia.com, lmstudio.ai, models.inference.ai.azure.com, opencode.ai, openrouter.ai, router.huggingface.co

Source & flagged code

1 flagged · loading source
dist/commands/run.jsView file
matchType = previous_version_dangerous_delta matchedPackage = infinicode@2.3.3 matchedIdentity = npm:aW5maW5pY29kZQ:2.3.3 similarity = 0.963 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/commands/run.jsView on unpkg

Findings

1 Critical3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/commands/run.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings